Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!
For the less technical
- Hackers used Meta’s AI support bot to seize Instagram accounts
- Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
- 'Dumbass' criminal breaks the 'first rule of ransomware club'
- Can’t make sense of Dashlane’s vault theft notification? You’re not alone
- GTA cheat service Atlas Menu hacked as attacker alleges screenshot spying
For the more technical
- Android Security Bulletin—June 2026
- CVE-2026-28910: Breaking macOS App Sandbox data containers, TCC, and hijacking apps using Archive Utility
- CIFSwitch: a non-universal Linux local root vulnerability
- Critical Windows Netlogon RCE flaw now exploited in attacks
- 1-click GitHub token stealing via a VSCode bug
- HTTP/2 Bomb: AI-discovered DoS hits every major web server
- ChatGPhish: The page is the payload
- 15,000 WordPress sites affected by administrator account creation vulnerability in WP Maps Pro WordPress plugin
- Malicious NuGet package impersonates Sicoob SDK to exfiltrate banking certificates and passwords
- Typosquatted npm packages used to steal cloud and CI/CD secrets
- Red Hat npm packages compromised to spread a credential-stealing worm
- Mini Shai-Hulud campaign hits Red Hat Cloud Services npm packages
- New Shai-Hulud hits npm: @redhat-cloud-services compromised
- Malware targeting WordPress abuses Steam community profiles for command & control operations
- Game Over: WeedHack – The rise of Minecraft malware-as-a-service campaign
- NightSpire ransomware attack chain, tools and tactics
- GREYVIBE: A Russia-nexus group leveraging AI across state-aligned operations
- Sanctioned, seized, still scanning: Inside a Russian bulletproof hosting network targeting the EU
Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
Comments